How to Protect Yourself from Online Hackers
Kurt Wagner '12
I learned a lot from the 2016 presidential election—some of it I wish I could forget—but one of the most important lessons has been the reminder that your digital footprint can come back to haunt you. Just ask Hillary Clinton.
But I’m not running for President, you might be thinking. And yes, that probably means you’re not a target of some complicated Russian hacking scheme. But a stranger gaining access to your Facebook or Twitter or email account can be embarrassing and invasive, not to mention dangerous.
A lot of the security around these kinds of online accounts depends on the companies that created them. A relatively recent security breach at Yahoo, for example, compromised the account information of more than one billion users. It’s something that was, unfortunately for the company’s users, out of their control.
But don’t fret—there are a few simple things you can do to better protect yourself online.
This may sound obvious, but don’t use obvious passwords. The most common password used in 2016 was “123456.” Seriously. Creating new, complicated passwords for all of your accounts is a true challenge, but there are services, like LastPass or 1Password, that will remember all your passwords for you behind one master password. It’s a good alternative for people who have a lot of accounts in different places, and should help ensure that if one account is compromised, your others won’t be.
If your password ever does end up in the wrong hands, you can still protect yourself with something called “two-factor authentication,” which requires a second level of protection any time you sign into one of your accounts from a new device. It works by sending a secret code via text or phone call to a phone number you’ve provided every time it notices someone trying to log in with your credentials on a device you’ve never used before. Without the code, your password alone won’t work. Essentially, it means that a hacker would need both your password and your cellphone in order to crack your account. Most email clients and social networks offer this level of security.
A number of messaging apps have started to offer what is called end-to-end encryption, a service that sounds complicated, but really just means that messages you send via these services only ever exist in two places: your device and the device that you’ve sent it to. (Most likely, your phone and your friend’s phone.) Messages are not stored on a company’s servers, which means there is no way for anyone to read your private messages without physically stealing your phone or laptop. Not everyone agrees with encryption. The technology was the source of major controversy last year when the FBI tried to force Apple to break into a phone used by one of the San Bernardino shooters in order to read encrypted messages. You can see a list of encrypted messaging services here.
Some things just shouldn’t be put online—ever, even in private email. Social Security numbers, banking passwords, inappropriate photos. There are ways to protect yourself, but you should also operate under the assumption that anything you share online may one day become public. Some things are better handled with a phone call or in person.